US cyber exercise providing valuable lessons: officialsWashington (AFP) Sept 29, 2010 -
US cybersecurity experts will learn valuable lessons from an ongoing exercise that simulates a massive cyberattack on the United States, US officials said Wednesday.
"Cyber Storm III," which simulates a "large-scale cyberattack on critical infrastructure," kicked off on Tuesday and involves thousands of participants in the United States and a dozen other countries.
"I can say that we are very pleased with how things are going," said Phil Reitinger, a deputy undersecretary in the Department of Homeland Security (DHS), which is organizing the three-day exercise.
"Exercises of this type give us a real window into what the capabilities are, where we need to make progress," Reitinger told reporters at US Secret Service headquarters here, where the "exercise control room" is based.

"One of the things that's critical to recognize about cyberspace is this is beyond the capability of any one government agency to respond to, or even one government or one private sector entity," he said. "This really requires a joint response."
Reitinger said the exercise is a test of the "ability to tie together information across sectors, across the government, with the private sector and internationally and generate a common response."
Seven US government agencies are taking part in the exercise, 11 US states, 60 private companies and 12 international partners: Australia, Britain, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden and Switzerland.
Reitinger, a former Microsoft executive, said the exercise is the first opportunity to test the new National Cybersecurity and Communications Integration Center (NCCIC) based in Virginia.
The NCCIC booted up in October 2009 to serve as the coordinating center for US cybersecurity operations. It houses US government computer experts and their private sector counterparts under one roof.

"We had other mechanisms before, we had other bodies," Reitinger said.
"What NCCIC provides is the organizational mechanism to bring all of those capabilities together on a joint watch floor, to share information not only virtually but between people breathing the same air."
After the exercise ends, officials are due to draft an after-action report whose conclusions will be integrated into the national response plan.
Brett Lambo, director of DHS's Cyber Exercise Program, described the exercise as "an organic, living breathing thing."
"Everybody's fighting the same core scenario" and trying to make it as realistic as possible, he said.
"We certainly hope we're minimizing the loss of fidelity as to what a real event would look like."
According to DHS officials, the scenario for the exercise involves a simulated cyberattack on government and private networks that undermines basic trust in the Internet.

The third consecutive biannual exercise testing government and industry readiness to counter threats to cybersecurity comes at a time when resources are stretched but the threat is nowhere near being sized up or disappearing from the scene.

This week's Cyber Storm III exercise, backed by the U.S. Department of Homeland Security and involving industry leaders, federal and state agencies and foreign governments, will be the largest conducted, organizers said.

The exercises follow by nearly a year a cybersecurity awareness campaign launched across the United States last year and since emulated in other countries.

The participants' list indicated the scope for international expansion of the exercises is large.

Of the countries participating -- Australia, Britain, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden, Switzerland and the United States -- none are from Central or South America or from Africa, Asia or the Middle East, where security experts reported recent upsurge in cyberthreat incidents.

With new threats cropping up in cyberspace every now and then, new solutions are constantly in demand -- a growth area for the security industries but a headache for funding agencies, which find budgeting for contingencies a challenge of almost immeasurable proportions, analysts said.

The Cyber Storm exercises simulate large-scale cyberattacks on the U.S. government and the nation's critical infrastructure, such as energy grids and nuclear power plants, to test the response of government and industry cybersecurity personnel.

The Cyber Storm III exercise this week includes participants from seven federal agencies, 11 states, 60 private companies, and 12 international partners. The last exercise two years ago, Cyber Storm II, had the same number of federal agencies participating, nine states, 40 private companies and only four international partners.

The growth in the number of corporate participation indicated industry optimism the exercise could lead to or generate new business for in the coming months. Continuing political uncertainties have kept the security industry operations ticking along, although there's most security of spending in government and corporate sectors, analysts said.

This year's exercise will test out the recently developed National Cyber Incident Response Plan, a government blueprint for cybersecurity incident response, as well as the new National Cybersecurity and Communications Integration Center in Arlington, Va., in October 2009.

"The Cyber Storm III exercise scenario reflects the increased sophistication of our adversaries, who have moved beyond more familiar Web page defacements and Denial of Service attacks in favor of advanced, targeted attacks that use the Internet's fundamental elements against itself -- with the goal of compromising trusted transactions and relationships," a Department of Homeland Security fact sheet said.

"The scenario will incorporate known, credible technical capabilities of adversaries and the exploitation of real cyber infrastructure vulnerabilities, resulting in a range of potential consequences -- including loss of life and the crippling of critical government and private sector functions," said the fact sheet.

Last week government plans for monitoring hostile cyberactivity from space advanced further with the launch of the first Space Based Space Surveillance satellite.

The SBSS Block 10 satellite, built for the U.S. Air Force by a Boeing-led team, was launched by an Orbital Sciences Minotaur IV rocket.

Analysts said the successful launch of the SBSS satellite moved to a new level issues of space security amid a global proliferation of space satellite technology, now increasingly available to both friends and adversaries of the United States.

'Cyber Storm III' tests US preparedness for cyber attackArlington, Virginia (AFP) Sept 28, 2010
Keyboard warriors from the United States and a dozen other nations were battling a simulated cyber attack Tuesday on government and private networks that undermines basic trust in the Internet.
"Cyber Storm III," which simulates a "large-scale cyberattack on critical infrastructure," involves thousands of participants at computer work stations across the globe and is one of the largest such ... read more

The content herein, unless otherwise known to be public domain, are Copyright 1995-2014 - Space Media Network. AFP, UPI and IANS news wire stories are copyright Agence France-Presse, United Press International and Indo-Asia News Service. ESA Portal Reports are copyright European Space Agency.
All NASA sourced material is public domain. Additional copyrights may apply in whole or part to other bona fide parties. Advertising does not imply endorsement,agreement or approval of any opinions, statements or information provided by Space Media Network on any Web page published or hosted by Space Media Network. Privacy Statement